Add Support for Nested Fields in isAuthorizedByUserId for Retrieving UserId #185

Merged
merged 6 commits into from
Mar 9, 2022

@albertlai431 albertlai431 commented Mar 2, 2022

Ticket link

Closes #115

Implementation description

  • Created isAuthorizedForCreateShiftSignups check for createShiftSignups and isAuthorizedForUpdateShiftSignups check for updateShiftSignup

Steps to test

  1. Ensure that your local db contains the seed data
  2. docker-compose up --build
  3. Navigate to http://localhost:5000/graphql
  4. Run the following mutations and ensure the results are expected (Credits for the mutations to Joseph from Built out shift signup endpoints #90 🙏).

Sign in as a volunteer and use the access token for the following mutations:

# Create Shift Signups
mutation {
  createShiftSignups(
    shifts: [{ shiftId: 2, userId: 1, numVolunteers: 3, note: "test" }]
  ) {
    shiftId
    userId
    numVolunteers
    note
  }
}
# Expected result: error with "Failed authentication and/or authorization by userId"

mutation {
  createShiftSignups(
    shifts: [{ shiftId: 2, userId: 2, numVolunteers: 3, note: "test" }]
  ) {
    shiftId
    userId
    numVolunteers
    note
  }
}
# Expected result: succeed

# Update Shift Signup
mutation {
  updateShiftSignup(
    shiftId: "2"
    userId: "1"
    update: { status: CONFIRMED, note: "test", numVolunteers: 3 }
  ) {
    shiftId
    userId
    numVolunteers
    note
    status
  }
}
# Expected result: error with "Failed authentication and/or authorization by userId"

mutation {
  updateShiftSignup(
    shiftId: "2"
    userId: "2"
    update: { status: CONFIRMED, note: "test", numVolunteers: 3 }
  ) {
    shiftId
    userId
    numVolunteers
    note
    status
  }
}
# Expected result: succeed

Sign in as an admin and use the access token for the following mutations:

# Create Shift Signups
mutation {
  createShiftSignups(
    shifts: [{ shiftId: 2, userId: 1, numVolunteers: 3, note: "test" }]
  ) {
    shiftId
    userId
    numVolunteers
    note
  }
}
# Expected result: error with "Failed authentication and/or authorization by userId"

# Update Shift Signup
mutation {
  updateShiftSignup(
    shiftId: "2"
    userId: "2"
    update: { status: CONFIRMED, note: "test", numVolunteers: 3 }
  ) {
    shiftId
    userId
    numVolunteers
    note
    status
  }
}
# Expected result: succeed

Sign in as an employee and use the access token for the following mutations:

# Create Shift Signups
mutation {
  createShiftSignups(
    shifts: [{ shiftId: 2, userId: 3, numVolunteers: 3, note: "test" }]
  ) {
    shiftId
    userId
    numVolunteers
    note
  }
}
# Expected result: error with "Failed authentication and/or authorization by userId"

# Update Shift Signup
mutation {
  updateShiftSignup(
    shiftId: "2"
    userId: "3"
    update: { status: CONFIRMED, note: "test", numVolunteers: 3 }
  ) {
    shiftId
    userId
    numVolunteers
    note
    status
  }
}
# Expected result: error with "Failed authentication and/or authorization by userId"

What should reviewers focus on?

  • Ensuring that the mutations above produce the expected result

Checklist

  • My PR name is descriptive and in imperative tense
  • My commit messages are descriptive and in imperative tense. My commits are atomic and trivial commits are squashed or fixup'd into non-trivial commits
  • I have run the appropriate linter(s)
  • I have requested a review from the PL, as well as other devs who have background knowledge on this PR or who will be building on top of this PR
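
The check this PR describes, reading userId from nested resolver arguments such as shifts[].userId, sketched as an added example; it is not code from this pull request or the project. The names collectUserIds, isAuthorizedByNestedUserId and assertAuthorizedByUserId and the dotted-path convention are assumptions, and role checks are left out.

```typescript
// Added example: hypothetical helper names, not the project's middleware.
type Json = string | number | boolean | null | Json[] | { [k: string]: Json };

const AUTH_ERROR = "Failed authentication and/or authorization by userId";

// Follow a dotted path through resolver args. Arrays fan out, so
// "shifts.userId" yields one id per element of `shifts`.
// Returns null when any element lacks the field or holds a non-scalar.
function collectUserIds(args: Json, path: string): string[] | null {
  let frontier: Json[] = [args];
  for (const key of path.split(".")) {
    const next: Json[] = [];
    for (const node of frontier) {
      for (const item of Array.isArray(node) ? node : [node]) {
        if (item === null || typeof item !== "object" || Array.isArray(item)) return null;
        if (!Object.prototype.hasOwnProperty.call(item, key)) return null;
        next.push(item[key] as Json);
      }
    }
    frontier = next;
  }
  const ids: string[] = [];
  for (const v of frontier) {
    if (typeof v !== "string" && typeof v !== "number") return null;
    ids.push(String(v)); // create sends numeric ids, update sends string ids
  }
  return ids;
}

// Fail closed: a missing path, an empty list, or a single foreign id
// anywhere in the batch rejects the whole request.
function isAuthorizedByNestedUserId(tokenUserId: string, args: Json, path: string): boolean {
  const ids = collectUserIds(args, path);
  return ids !== null && ids.length > 0 && ids.every((id) => id === tokenUserId);
}

// Throwing wrapper a resolver middleware could call before the resolver runs.
function assertAuthorizedByUserId(tokenUserId: string, args: Json, path: string): void {
  if (!isAuthorizedByNestedUserId(tokenUserId, args, path)) throw new Error(AUTH_ERROR);
}
```

Checking every element of the batch matters: a request that mixes the caller's own userId with someone else's must be rejected as a whole, not authorized on the first match.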

@albertlai431 albertlai431 requested a review from LenaNguyen March 2, 2022 13:48

@LenaNguyen LenaNguyen left a comment

Not sure if this is just me, but it seems like the authorization checks aren't working now? I was able to create a shift for any user but also with any role 🤔 Not sure what's happening yet

@albertlai431 albertlai431 requested a review from LenaNguyen March 4, 2022 20:51

@LenaNguyen LenaNguyen left a comment

Everything works great now! Thank you for looking into this! Just some tips on optimizing the code but aside from that it's looking good :)

@albertlai431 albertlai431 requested a review from LenaNguyen March 8, 2022 13:36

@LenaNguyen LenaNguyen left a comment

Thanks for incorporating the changes. This looks great!

@albertlai431 albertlai431 merged commit 52272bf into main Mar 9, 2022
@albertlai431 albertlai431 deleted the albert/middleware-user-id branch March 9, 2022 02:51
Linked issue closed by this pull request: Middleware to check user id for nested fields